2023-04-29 16:46:19 +00:00
|
|
|
{ lib, ...} : {
|
2022-10-06 18:32:54 +00:00
|
|
|
name = "kubo";
|
2023-04-29 16:46:19 +00:00
|
|
|
meta = with lib.maintainers; {
|
|
|
|
maintainers = [ mguentner Luflosi ];
|
2020-04-24 23:36:52 +00:00
|
|
|
};
|
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
nodes.machine = { config, ... }: {
|
2022-10-06 18:32:54 +00:00
|
|
|
services.kubo = {
|
2020-05-15 21:57:56 +00:00
|
|
|
enable = true;
|
2020-06-15 15:56:04 +00:00
|
|
|
# Also will add a unix domain socket socket API address, see module.
|
|
|
|
startWhenNeeded = true;
|
2022-10-30 15:09:59 +00:00
|
|
|
settings.Addresses.API = "/ip4/127.0.0.1/tcp/2324";
|
2022-03-30 09:31:56 +00:00
|
|
|
dataDir = "/mnt/ipfs";
|
2020-05-15 21:57:56 +00:00
|
|
|
};
|
2023-04-29 16:46:19 +00:00
|
|
|
users.users.alice = {
|
|
|
|
isNormalUser = true;
|
|
|
|
extraGroups = [ config.services.kubo.group ];
|
|
|
|
};
|
2020-04-24 23:36:52 +00:00
|
|
|
};
|
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
nodes.fuse = { config, ... }: {
|
2022-10-06 18:32:54 +00:00
|
|
|
services.kubo = {
|
2022-07-14 12:49:19 +00:00
|
|
|
enable = true;
|
|
|
|
autoMount = true;
|
|
|
|
};
|
2023-04-29 16:46:19 +00:00
|
|
|
users.users.alice = {
|
|
|
|
isNormalUser = true;
|
|
|
|
extraGroups = [ config.services.kubo.group ];
|
|
|
|
};
|
|
|
|
users.users.bob = {
|
|
|
|
isNormalUser = true;
|
|
|
|
};
|
2022-07-14 12:49:19 +00:00
|
|
|
};
|
|
|
|
|
2020-04-24 23:36:52 +00:00
|
|
|
testScript = ''
|
2020-05-15 21:57:56 +00:00
|
|
|
start_all()
|
2020-04-24 23:36:52 +00:00
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
with subtest("Automatic socket activation"):
|
|
|
|
ipfs_hash = machine.succeed(
|
|
|
|
"echo fnord0 | su alice -l -c 'ipfs add --quieter'"
|
|
|
|
)
|
|
|
|
machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord0")
|
2020-04-24 23:36:52 +00:00
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
machine.stop_job("ipfs")
|
2020-06-18 07:06:33 +00:00
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
with subtest("IPv4 socket activation"):
|
|
|
|
machine.succeed("ipfs --api /ip4/127.0.0.1/tcp/2324 id")
|
|
|
|
ipfs_hash = machine.succeed(
|
|
|
|
"echo fnord | ipfs --api /ip4/127.0.0.1/tcp/2324 add --quieter"
|
|
|
|
)
|
|
|
|
machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
|
2020-06-15 15:56:04 +00:00
|
|
|
|
|
|
|
machine.stop_job("ipfs")
|
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
with subtest("Unix domain socket activation"):
|
|
|
|
ipfs_hash = machine.succeed(
|
|
|
|
"echo fnord2 | ipfs --api /unix/run/ipfs.sock add --quieter"
|
|
|
|
)
|
|
|
|
machine.succeed(
|
|
|
|
f"ipfs --api /unix/run/ipfs.sock cat /ipfs/{ipfs_hash.strip()} | grep fnord2"
|
|
|
|
)
|
|
|
|
|
|
|
|
with subtest("Setting dataDir works properly with the hardened systemd unit"):
|
|
|
|
machine.succeed("test -e /mnt/ipfs/config")
|
|
|
|
machine.succeed("test ! -e /var/lib/ipfs/")
|
|
|
|
|
|
|
|
with subtest("FUSE mountpoint"):
|
|
|
|
fuse.fail("echo a | su bob -l -c 'ipfs add --quieter'")
|
|
|
|
# The FUSE mount functionality is broken as of v0.13.0 and v0.17.0.
|
|
|
|
# See https://github.com/ipfs/kubo/issues/9044.
|
|
|
|
# Workaround: using CID Version 1 avoids that.
|
|
|
|
ipfs_hash = fuse.succeed(
|
|
|
|
"echo fnord3 | su alice -l -c 'ipfs add --quieter --cid-version=1'"
|
|
|
|
).strip()
|
|
|
|
|
|
|
|
fuse.succeed(f"cat /ipfs/{ipfs_hash} | grep fnord3")
|
|
|
|
|
|
|
|
with subtest("Unmounting of /ipns and /ipfs"):
|
|
|
|
# Force Kubo to crash and wait for it to restart
|
|
|
|
fuse.systemctl("kill --signal=SIGKILL ipfs.service")
|
|
|
|
fuse.wait_for_unit("ipfs.service", timeout = 30)
|
|
|
|
|
|
|
|
fuse.succeed(f"cat /ipfs/{ipfs_hash} | grep fnord3")
|
2020-05-15 21:57:56 +00:00
|
|
|
'';
|
2023-04-29 16:46:19 +00:00
|
|
|
}
|